Linux Hardening and Sandboxing Tips and Tools

Across Linux distributions there are plenty of ways to harden (ie restricting root accounts, firewalls, using systemd-analyze, securing your ssh server, etc) and sandbox (systemd-nspawn, firejail, flatpak, chroots, docker, apparmor, etc).

This thread is a place to compare tools, share your setups and hopefully create a rough outline of best practices for a secure & private setup.

Maybe this could be made into a community wiki post, similar to Sandboxing Apps with Bubblejail in Arch Distros and Sandboxing Applications on Desktop Linux.

2 Likes

Never knew about those posts, thanks for sharing!

Digging through it, my understanding is that the community wiki is 1-2 experts in an area summarizing best practices.

The goal of this thread can be more conversational, with the opportunity for “what does everyone think about <insert popular pkg here>”, “that pkg isn’t in my distro, what about <insert alternative pkg here>”, “what do you think of my conf file”, etc.

Also discovering new tools, finding out what works best for you, and hardening your distribution if it isn’t one of the PG recommendations.

Ideally in the long run, the conversations we have in this thread can lead to a more expansive community wiki and a pipeline towards people standardizing popular setups